arandom(4) is a high quality SRNG (stretched RNG). It passes these
test suites quite well on bleu (IBM X40, without TPM support). I also
took 128 MiB samples from the same /dev/arandom, as well as
from tear (Via C7), herc (P-233MMX), ss5, eurynome. The results are
similar to each other (some of the tests rewind the input file a lot
of times, so there are of course differences to the test using the
arandom(4) stream directly – but the results are as good as can be
expected, and tests that happen to fail (which is expected too, as
it’s random after all) pass quite well with other runs). Another 128
MiB snippet of the TPM output looks to be as good as the arandom one,
which doesn’t infer that it’s a TRNG, but it’ll at least help; the
C7 xstore-rng output however looks rather bad in some tests (such as
the Chi square test); apparently, the kernel initialises it with not
optimum values (which may even be correct, as we use the RNG
from kernel space, so a bias doesn’t matter, whereas Von Neumann bias
correction would eat up very many bits; additionally, it’s designed
to work from VIA C3 onwards).

I think the Entropy
Key will have even better results. It’s still a thermal noise
(or Johnson noise?) type, not a “real” QRNG (using photons and a
mirror, or radioactive material and a Geiger counter), unless the
one from fourmilab.ch (I’d insert a link here, but John Walker’s
site appears to be down). Personally, I use the use-many-sources
and mix approach, getting “best” entropy from external sources,
including fourmilab’s (via https), “good” from myself (VIA C7,
IBM TPM, soon eKey); “medium”, “regular” and “bad” from myself,
where most of these are non-interceptible – the RANDOM.SYS for DOS
author says every bit counts, and I think so too. cprng(8) is an
example of “medium” (or “bad” if you lack the appropriate hardware)
source; keyboard/mouse are “regular”, disc/net I/O are “bad” but
available. The four-pool mixing helps, and the results show. Hell,
even nwt has good entropy. And the RANDEX protocol helps
some, too. Untrusted, but potentially good bits; wrandom(4) pool.